Migrating to Office 365 … have you forgotten something?

We fielded an interesting call recently. The director of IT at a prestigious University explained that they had migrated all their faculty, students, and staff to Office 365. When asked about PST files, he said yes they had plenty of them, but Microsoft had moved these files to the cloud for them as well. So all his PSTs were in the cloud, he said.

But when we asked if they had moved them themselves, we were told no, Microsoft said PST Capture would do it. After we explained how PST Capture works, that Microsoft gives the tool away but it’s still up to individual organizations to actually use it, there was silence – he realized he still had PST files all over the place. And this was a problem.

The perfect opportunity to manage your data

Whether you are migrating to a Virtual Desktop infrastructure, moving your email to the cloud, or moving from using local Office applications to using Office 365 web applications, a migration offers organizations the chance to clean up and regain control of their data.

Why would any company invest in a brand new system and fill it up with information of no business value, or leave information of potential value behind? Cleaning up and deciding what data should be migrated and retained can help set a precedent for managing that information process more effectively going forward.

PST files are a perfect example of information that should be identified and actively managed prior to or during a strategic IT project such as VDI, migration to Office 365 or Exchange online, or even a BYOD initiative.

Migrating PST files doesn’t happen automatically

With Exchange 2010, Microsoft moved away from the use of auto archives or PST files and provided the ability to create online archive mailboxes. They acquired a simple tool for migrating PST files, which they released as “PST Capture”. This was accompanied by a series of blogs and articles which talked about how organizations could migrate all their PST files back into Exchange and use their new archive mailboxes. Unfortunately the PST Capture tool, whilst it is free, is also unsupported.

PST Capture can migrate PST files on a small scale, but it’s not really a robust and automated solution. It has many limitations, and it requires that client software be installed on every machine where PST files might reside. There’s still a lot of manual effort required, and any IT organization that has been through the process of discovering and migrating PST files will be well aware of the amount of work this can take. Even if a consultant is brought in to manage the migration, they still have to set ground rules for how to handle exceptions, where to put files, who to migrate first, etc. It’s not something that just happens in the background.

And it’s certainly not something that Microsoft “does automatically” when an organization migrates to Office 365.

Maybe the problem will just “go away”?

Going back to our call with the University, the Director of IT said that they were no longer getting any issues reported with PST files. That was why they assumed those files were already up in the cloud along with the rest of their users’ data. This may have been because the information kept in those older PST files had little or no business value. The University had eliminated mailbox quotas some time before their migration to Office 365, and as a result, users had stopped needing to use PST files to keep their older email.

So, taking his users’ viewpoint, he now made the assumption that their PST files were largely irrelevant. Even though he understood they weren’t in the cloud, he assumed that since nobody had asked about them recently and he had stopped getting support calls about them, nobody needed them any longer. So why not just leave them there?

Don’t forget the ongoing risk

The problem the University needs to face up to is the legal risk and liability that goes along with all that unmanaged data contained within PST files.

As a public University, they may face two potential problems: eDiscovery for litigation, and eDiscovery for Freedom-of-Information requests. While FOIA requests tend to be current, eDiscovery requests always focus on past events – sometimes years past. In fact, the information being requested can often be found in PST files, rather than live mailboxes or even Exchange archives.

Many litigants know that PST files can contain a wealth of relevant or useful information, so they are not averse to specifying the inclusion of PST files when a discovery request is made. Bear in mind that “if data exists, it’s discoverable” even if there are legal and valid reasons why this data should have been disposed of years earlier.

Therefore, the PST data that was left behind when users were migrated to Office 365 now presents the University with a very real problem. Having PST files in locations that are not under the central control of the IT department means that these files fall outside corporate backup and retention processes, thereby compromising adherence to compliance standards. If the University need to perform investigations and discovery, they have an almost impossible mission to find out exactly where these files exist or what is contained within them. In a litigation request, they could argue that “reasonableness” does not include querying PST files from users’ desktops. But if a plaintiff is a former user, maybe already having those PST files in their possession, that argument doesn’t work, and the University would almost certainly face sanctions.

Is the problem of PST files easily fixed?

For this University, the good news is that their PST files are no longer causing them any support issues, so it would not be unreasonable for them to assume that some or all of the data within these files no longer has any business value.

The bad news is that in order to eliminate the risk caused by PST files, they still need to locate each file and determine the owner. They then need to migrate any data they need to keep, and finally delete each file to ensure they are eliminated.

The best answer for them is a dedicated PST migration tool such as Barracuda’s PST Enterprise. This can scan their whole IT environment and find all PST files, including those that aren’t immediately obvious, such as files that are on user desktops or stored on network shares. It can automatically determine the owner for each PST file by scanning the contents. Migration policies can be set to determine which data is kept and migrated, and which data is deleted. And finally, it can automatically delete files once they have been processed.

Don’t assume your PST files are being managed

The problem the University ran into is that they didn’t really understand the scale or depth of problems that PST files can cause, and nobody identified or addressed these problems for them during their migration to Office 365.

If you have a problem with PST files, or if you think that you might, then make sure you ask the right questions. Don’t assume that somebody is taking care of these files during your migration to the cloud. And if you’re already in the cloud, ask yourself whether you’ve left anything behind. The risks of ignoring the problem are simply too great.